| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation. |
| Improper input validation at one of the endpoints of Eaton xComfort ECI's
web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersecurity
standards continue to evolve and to meet our requirements today, Eaton has decided to discontinue the
product. Upon retirement or end of support, there will be no new security updates, non-security
updates, or paid assisted support options, or online technical content updates. |
| In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow because expression template output is evaluated. |
| A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
| ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the web-based user interface. The issue results from the lack of proper management of sensitive information. An attacker can leverage this vulnerability to disclose information in the context of the device. Was ZDI-CAN-28297. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
| Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally. |
| Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. |
| When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. |
| Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Windows Cryptographic Information Disclosure Vulnerability |
| Windows Themes Spoofing Vulnerability |
| Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Windows Kerberos Information Disclosure Vulnerability |
| Windows BitLocker Information Disclosure Vulnerability |
| Windows Kerberos Denial of Service Vulnerability |
